Implemented code fixes to address "SBIE2101" issues caused by Windows Defender "App & Browser Control" in Windows 8.1 and 10. [If you are using the "Windows SmartScreen Template" from Beta 5.21.7, you will need to remove it after installing Sandboxie 5.22.]

Implemented a driver fix for a BSOD occurring when Webroot is installed and a new Sandbox is created while a ForceProcess is started.

Version 5.14

Released on 26 September 2016.

Added new Sbie setting BlockNetworkFiles. It is available under Sandboxie Settings -> Restrictions.

When BlockNetworkFiles=y, sandboxed applications are blocked from reading network files or folders. Individual files/folders can be opened for reading/writing using the normal Resource Access settings.

Version 5.04

Released on 22 September 2015.

Windows 10 support up to build 10547

NOTE: Metro applications are not supported at this time. This includes the MS Edge browser. If you tell Sandboxie to start your default browser, and the default browser is Edge, Sandboxie will start IE instead.

An issue introduced by Win 10 KB3081455 and Win 8.1 KB3087039 on 9/8/2015, which broke Explorer, Skype, Quicktime, and possibly other apps, has been fixed.

The print spooler (spoolsv.exe) is now permitted to write files to the system temp folder (windows\temp) and the user temp folder (\Users\<username>\AppData\Local\Temp)

A bug where some users in Win 8.1+ would not see any printers installed has been fixed.

DeleteVolumeMountPoint security vulnerability has been blocked.

Adobe snapshot copy/paste now supported.

Code was updated to use newer Microsoft SDK/DDK.

Fixed several issues with SandboxieRpcSs.exe that could lead to a crash or failure to start.

Version 4.18

Released on 28 May 2015.

A security hole with the Windows print spooler has been plugged. An application could use the print spooler to write an arbitrary file outside the sandbox. If Sandboxie detects that the print spooler is attempting to write a file outside the sandbox at the request of a sandboxed application, it will issue "SBIE1319 Blocked spooler print to file".

NOTE: Some printer drivers write temporary files to their own work area, even when not printing to file. In these cases, you will get SBIE1319 even when printing normally (not to file). The print may still print successfully. In this situation, you can safely ignore SBIE1319, hide the error message, or open the folder as described below.

There are 3 ways to allow the print spooler to print to file:

1) If you trust the process that is printing, you can double-click the SBIE1320 (that follows SBIE1319) to allow the print spooler to write files outside the sandbox for that particular process.

2) The spooler can write files outside the sandbox according to OpenFilePath settings. This enables you to permanently open the folders a particular printer driver uses to store its work files.

3) You can manually add the setting AllowSpoolerPrintToFile=y to sandboxie.ini. This is not recommended as it leaves your sandbox open to a print spooler exploit.
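The following audit sketch is an added example, not code from Sandboxie or from these release notes. It scans sandboxie.ini text for the two settings described above: AllowSpoolerPrintToFile=y (the option the notes advise against) and BlockNetworkFiles=y (added in 5.14). The section names, the template name and the printer work folder in the sample are constructed, and treating [GlobalSettings] as a non-sandbox section is an assumption.

```python
# Added example: audit sandboxie.ini text for settings named in these notes.
# SAMPLE_INI is constructed; its section names and paths are assumptions.

SAMPLE_INI = r"""
[GlobalSettings]
Template=ExampleTemplate

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
OpenFilePath=C:\ProgramData\ExamplePrinter\Work\

[PrintBox]
Enabled=y
AllowSpoolerPrintToFile=y
"""


def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys such as OpenFilePath."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def setting_values(pairs, name):
    """All values given for a setting in one section, lower-cased."""
    return [v.lower() for k, v in pairs if k.lower() == name.lower()]


def audit(text, skip=("GlobalSettings",)):
    """Return (sandbox, message) findings; sections listed in skip are not sandboxes."""
    findings = []
    for box, pairs in parse_ini(text).items():
        if box in skip:
            continue
        # Any 'y' is reported: the notes call this setting not recommended.
        if "y" in setting_values(pairs, "AllowSpoolerPrintToFile"):
            findings.append((box, "AllowSpoolerPrintToFile=y: spooler may write outside the sandbox"))
        # Conservative: report unless the setting is present and every value is 'y'.
        net = setting_values(pairs, "BlockNetworkFiles")
        if not net or any(v != "y" for v in net):
            findings.append((box, "BlockNetworkFiles is not y: network file reads are not blocked by this setting"))
    return findings


if __name__ == "__main__":
    for box, message in audit(SAMPLE_INI):
        print(f"[{box}] {message}")
```

A sandbox that needs a printer driver's work folder can carry a scoped OpenFilePath entry, as in the constructed [DefaultBox] section, instead of the global spooler override.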

Any error messages generated when auto-deleting a sandbox will now be shown to the user.

Fixed Chrome SBIE2205 Service not implemented: Win32Init.5 (00000005)

Added Hitman Pro Alert to templates.ini

Changed hook for ChangeDisplaySettingsEx() to allow CDS_RESET. A user reported that a game (fifa15) is trying to use this and failing, resulting in incorrect display colors.

Distributed File System (DFS) mapped drives are now supported (viewtopic.php?f=11&t=18825&p=100656)

VMWare HGFS (Host Guest File System) mapped drives are now supported.

A BSOD bugcheck reported by a user when using bittorrent has been removed (this was a rare situation). SbieDrv was detecting corrupted memory when no corruption had occurred.

Version 4.16

Major redesign of hooking/injection code. ASLR is now enabled for 64 bit (it was already enabled for 32 bit).

VC Redistributables are no longer downloaded by the combined 32/64 installer. The required VC DLLs are now included in the installer binary (which is why it is much larger now).

KB3031432 in Win 8-64 causes 64 bit applications to crash.

Sbie now detects when a sandboxed application starts WerFault.exe because it has crashed, and gives WerFault plenty of time to create a crash DMP file.

WerFault has a couple of flaws. It doesn't create the crash DMP until the user presses OK on the crash popup dialog box. If the user does not respond quickly, the crashed application will exit memory and the DMP cannot be created. So now Sbie disables the WerFault dialog box and issues its own SBIE2224 "Sandboxed program has crashed". WerFault also must be given enough time to do various Internet activities before the application exits.

A security problem reported by a user has been fixed: hard links could be created outside the sandbox. CreateHardLink API is now blocked.

Removed Avast from the list of known conflicts in templates.ini. This means Sandboxie will no longer popup the dialog box telling you to "review the Known Conflicts page..." when Avast is detected.

Fixed: certificate revocation information is sometimes unavailable. IE occasionally popped up dialog "Revocation information for the security certificate for this site is not available. Do you want to proceed?"

Sandboxie would issue error SBIE2205 Service not Implemented: LoadedModules.

The auto-update feature only checked the next update time (sandbox.ini setting SbieCtrl_NextUpdateCheck) 1 time when SbieCtrl.exe was started. If SbieCtrl.exe was kept running, it would never check the update time again.

OpenIpcPath=\BaseNamedObjects\FontCachePort is now in templates.ini as a default. Until now, this was a suggested work-around for some Chrome 37 problems.

NOTE: the default only applies to new installs. For existing installs, you need to go into Sandbox settings->Applications->Miscellaneous, and check the option "Allow direct access to Windows Font Cache"

Added hook for GetProcessImageFileName/NtQueryInformationProcess so it now returns the sandboxed path.

Improvements to the Dutch language text.

The SbieSvc startup time has been increased from 5 seconds to 15 seconds to eliminate the following sequence of startup errors:

Malware DarkComet is using a quirk in Windows to put up a MessageBox that does not have the sandboxed yellow window border. This poses no security risk, but to prevent user concern, this has been fixed.

The combined installer SandboxieInstall.exe now checks for the VC Redistributables DLLs Sandboxie requires. If they are not up to date (10.0.40219.325), the installer will download and install the VC Redist. from sandboxie.com.

If SandboxieInstall.exe tries to download the VC Redistributables and fails, there is now a retry option.

To clarify:
SandboxieInstall.exe does not contain MS VC DLLs. If they are not already installed or are not up to date, the installer will download the VC Redist. installer package and execute it.
SandboxieInstall32.exe & SandboxieInstall64.exe contain the DLLs Sandboxie requires. If they are not installed or are not up to date, the installer copies the ones required into system32. The VC Redist. installer is not downloaded or executed.

Version 4.12

The MS Visual C++ redistributable libraries have been broken out into a separate download. These now download and install during the Sandboxie install. Installing them this way will enable them to be automatically updated by Windows Update should MS issue any hotfixes.

Fixed the following startup errors on the Dell Venue and other Win 8.1 tablets. SBIE2336 Error in GUI server. SBIE2335 Initialization failed for process Start.exe

Fixed for Windows 8.1 update KB2919355.

Fixed several additional C0000142 (STATUS_DLL_INIT_FAILED) bugs. These could also show up as "CRT not initialized" or "DLL failed to initialize" errors and could also sometimes cause the sandboxed application to crash on start.

Incompatibility with FFX 27 and Avast that caused FFX to run with no visible windows.

Chrome crash when reporting an issue under Tools->Report an issue...

Fixed a problem with DFS drives (Distributed File System)

The "InjectDll" setting would sometimes cause DLL initialization to fail with the message "CRT not initialized" or "DLL failed to initialize".

Version 3.62

This version is primarily a bug-fix release which resolves a few issues reported in version 3.60.

Bug Fixes

Sandboxie Control would crash if one of the Quick Recovery folders is a reparse point.

Sandboxie Control would not forget its window size and position in a multiple monitor setup.

A file that matches a direct access setting could be handled incorrectly (1) if renamed to a name which no longer matches any direct access settings; or (2) if its parent folder did not exist outside the sandbox.

Version 3.48

Version 3.48 introduces new Product Keys to replace old Registration Keys, and requires periodic online activation of the Product Key. Online Product Activation is not designed to circumvent the terms of the license; those terms remain the same as ever. For more information, please see FAQ Licensing.

Version 3.44

Single installation EXE contains both 32-bit and 64-bit editions of Sandboxie.

Improved Disable Forced Programs mode.

Hold Ctrl+Shift while invoking the right-click Run Sandboxed command on a program that is forced, to run the program outside the supervision of Sandboxie.

When Disable Forced Programs is used to start some forced program X outside the supervision of Sandboxie, then any other forced programs started by that program X will also start outside the supervision of Sandboxie.

Improved support for User Account Control (UAC) elevation by sandboxed programs.

Version 3.40

Improved support for User Account Control (UAC) elevation: Elevation requests are handled by the Sandboxie Start.exe program. (Windows Vista/7. Elevation from a standard user account is not supported at this time.)

Improved support for WinSxS assemblies eliminates error 14001 for sandboxed programs, and makes it possible to install a wider range of software.

A new "Run As UAC Administrator" option appears in the Run Any Program window and the right-click Run Sandboxed sandbox selection window. (Windows Vista/7.)

Sandbox folders are created with a Sandboxie icon.

Fixes:

Tightened protection to prevent actions by malicious programs such as closing windows outside the sandbox, changing the password for the logged-on user account, changing system parameters or colors, or initiating logoff sequence.

SandboxieCrypto service takes only a few seconds to start, rather than a few minutes. (Windows Vista/7.)

Alleviate need for all programs in the sandbox to run as Administrator when installing new software, thus permitting software to be installed directly from the browser, for example. (Typically applies to Windows Vista/7.)

SBIE1116 errors on Windows XP which prevented Sandboxie from starting.

Sandboxed Outlook using incorrect account password.

Sandboxed programs and Sandboxie Control immediately recognize new drive letters that appear (for example as a result of mounting a USB drive).

Firefox 3:

Added default exclusion for the Firefox database of phishing sites, urlclassifier*.sqlite files, to improve start-up time of sandboxed Firefox, and reduce the time needed to recreate this database when the sandbox is deleted.

Usability improvements in Sandboxie Control:

Real paths are displayed instead of the %placeholder% notation.

Hiding SBIE messages through Sandboxie Control hides the message only for the detail specified in the message.

Desktop icons do not flicker when Sandboxie Control window is visible.

For Windows Vista, added more requests for UAC elevation where necessary.

Further improvements to the following issues:

Improved support for network shares exposed by Windows computers (including Quick and Immediate Recovery, and Direct and Full Access)

There remain some difficulties in accessing network shares exposed by some NAS devices

Full support for programs installing and using WinSxS assemblies on both Windows XP and Windows Vista

When re-creating a deleted sandboxed folder, for which there is a corresponding real folder, the folder will be re-created empty. In earlier versions, the folder would be re-created with the contents of the real folder.

Version 2.86

New Immediate Recovery can recover files as soon as they are saved into folders configured as recoverable. Use Sandboxie Control -> Configuration menu -> Sandbox Settings -> Set Automatic Clean-Up Options to enable this feature.

Auto-complete information is pulled from the outside system into the sandbox, allowing input boxes on Web forms and password information to have information readily available inside the sandbox. (Since 2.35)

Version 2.0

Improved security and isolation of sandboxed programs that are trying to reach into and alter non-sandboxed programs.

Automatic support for running Outlook Express sandboxed and not losing mail. Possible also with other mail programs, after some further configuration.

Delete Contents of Sandbox can start automatically after all sandboxed programs are closed, or when Sandboxie itself closes. New Quick Recovery tool allows for easy one-click recovery of files before the sandbox is emptied.

Sandboxie can issue alerts when specific programs are started outside the sandbox.

Easier installation of desktop and quick-launch shortcuts to run your Web browser sandboxed.

Shadow registry keys that represent sandboxed registry keys will be discarded when the computer restarts. (They are all empty anyway.)

Small performance improvement due to fewer files being copied into the sandbox, if the files are not going to be updated.

Improved support for concurrent use of Sandboxie by multiple users of the same computer. (For users sharing a computer through Fast User Switching or Terminal Services)

Now configurable: the folder where the sandbox resides; the size limit for copying files into the sandbox (previously fixed at 32MB).

New concept of "Open" and "Closed" paths allowing specific programs full-access or no-access, respectively, to specific folders and registry keys.

Version 1.8

Sandboxie implements auto-complete for Web forms and other uses. (Auto-complete data entered when using Sandboxie is not visible outside the sandbox.)

Note: It may be necessary to empty the sandbox once, after upgrading to version 1.8, before the auto-complete feature becomes usable. This is because previous versions of Sandboxie purposely disabled this feature inside the sandbox.

The Run Program... dialog now maintains a history of typed commands. Automatic command completion now works with both Windows 2000 as well as Windows XP.

The audio device becomes accessible within the sandbox.

Sandboxed programs may install icons in the system notification area. Specifically this means better support for the Avant browser.

Resolved the conflict with the Zone Alarm firewall product.

Fixed a problem with Internet access when the proxy setting is set to automatic proxy detection. This typically manifested itself as a browser trying to detect proxy settings indefinitely.

And more features to increase overall stability and the range of usable programs. (It is now possible to run even the Windows Calculator under Sandboxie.)

Version 1.7

Sandboxie is now able to run sandboxed instances of most programs side-by-side with the unsandboxed instances of the same program. This means Firefox should now be on the same level of usability with Sandboxie as Internet Explorer is.

A new Run Program... feature in Sandboxie Control adds the ability to launch any program.

Nicer dialog for Empty Sandbox, which also deletes the shadow registry keys created for the sandbox.

Opening or exploring a folder from within a sandboxed process will open the target folder sandboxed.

For better system protection, Sandboxed programs are not allowed access to the system Service Control Manager.

Version 1.6

This version of Sandboxie fixes many problems with the isolated COM framework that is used by programs running under the control of Sandboxie.

The long standing problem of Internet Explorer not coming up has been resolved, at least in some of the cases. In those cases that I observed, it was waiting for the Sandboxie COM framework to come up, but that framework was hung.

It's now possible to embed ActiveX Controls and OLE compound documents within applications. For example, viewing a PDF document using Internet Explorer opens the document (using Acrobat Reader) within the browser, rather than out of the browser.

Web radio is now possible, again due to better COM support, though I have experienced some problems getting it to work under Windows 2000.

The system driver is started later in the initialization process of the system, in order to reduce possibility of conflict with other drivers. This change has resolved a system crash with a blue screen at least in one case.

Sandboxie Control can now work even when started by a restricted user in the system.

Stronger isolation of sandboxed processes from the outside system: more system object classes, in addition to disk files and registry keys, are now sandboxed.

Version 1.5

Sandboxie Control will periodically check if a new version is available on this web site.

Sandboxie is still free of charge, and you may use it for any length of time you desire. However, if you find Sandboxie useful, you are encouraged to become a registered user by paying a small registration fee.

Version 1.4

This version should fix any system lock ups previously caused by Sandboxie. It also provides better separation between sandboxed and non-sandboxed programs running simultaneously, and better identification by displaying the sign "[#]" in the title bar of running sandboxed programs.

Sandboxie is still free of charge, and you may use it for any length of time you desire. However, if you find Sandboxie useful, you are encouraged to become a registered user by paying a small registration fee.

Version 1.25

This version fixes most of the problems previously listed in the Known Problems section. Particularly, the problem of sharing of history and temporary internet files between the sandbox and the real system.

This version also makes it possible to install Internet Explorer toolbars into the sandbox.